CVE-2026-42171

Name: CVE-2026-42171
Description: NSIS (Nullsoft Scriptable Install System) 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTEM, allowing local attackers to gain privileges (if they can cause my_GetTempFileName to return 0, as shown in the references).
Source: CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| nsis (PTS) | bullseye | 3.06.1-1 | vulnerable |
| | bullseye (security) | 3.06.1-1+deb11u1 | vulnerable |
| | bookworm | 3.08-3+deb12u1 | vulnerable |
| | forky, sid, trixie | 3.11-1 | vulnerable |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| nsis | source | (unstable) | (unfixed) | | | |

Notes

Fixed by: https://github.com/NSIS-Dev/nsis/commit/8e6f02205d5f22da6c7855dbfe59b2af667330ca (v312)
